A search on Twitter for “#Cloud” results in a listing with new tweets arriving a few times each minute on this topic, so clearly ‘the Cloud’ or cloud computing is on the minds of a global audience. When scanning through these tweets and headlines, though, one can see there is still a great deal of debate on what cloud computing is and is not, who benefits from it, and what industry will be saved by it next.
Unfortunately cloud computing is misunderstood by many, and in regulated industries like Pharma the adoption rate has been slowed by stories like Amazon’s outage, which had an impact on thousands of “hosted” businesses. There is also a misperception that all cloud data/resources are multi-tenant, with your neighbor’s data a click of the mouse away.
There are a variety of ways to leverage the benefits of cloud computing, even for heavily regulated industries; however, the key is taking the time to understand each offering and how it is structured, maintained and protected. Recognizing the differences in cloud offerings will help organizations decide on the most effective and secure solution.
Within this series of posts, Mike Trudnak, Daryl Porter, and I want to first describe the common language associated with clouds and potential benefits to organizations that use them. We will then expose a newer framework that changes the discussion from the traditional public/private/hybrid clouds to another model of describing cloud formations. We will end the series with a deeper look at what cloud formation best illustrates Clinipace Worldwide as a cloud provider.
What is cloud computing?
In its most basic sense, cloud computing generally means “location agnostic”. There are many clear advantages to using a resource not tied to a single physical location or machine; however, depending on the type of cloud computing utilized, the potential for these advantages can be maximized or minimized. Some examples where cloud computing can benefit an organization are:
- Load balancing of system resources across potentially wide ranging geographic areas,
- More efficient consumption of computing resources,
- Lowered operational costs,
- Increased Security,
- Fault tolerance,
- System uptime,
- and disaster recovery.
Types of clouds
Traditionally, cloud computing resources are classified into one of three categories – public, private, orhybrid. There are three main service types that a cloud provider offers to a client using these resources –Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS). Let’s briefly examine each of these categories and what benefits a cloud provider might offer to clients within them.
In a public cloud, a client accesses off-site services using Internet technologies administered by the provider. These offerings typically have very advanced infrastructures supporting them and the client has zero visibility into these systems. The client has no knowledge of where their resources are being hosted, nor do they have control over securing or planning those resources. The “hand-off” between the provider and the client involves a large measure of trust and good faith that the provider adheres to their advertised principles and security standards. Many offerings from providers reside in this category. One example is Amazon’s cloud which is an industry leading IaaS solution, allowing from a single user up to a 1,000+ employee company to quickly and cheaply create and use virtualized infrastructure like servers and load balancers.
Public clouds allow a client to focus on its core business rather than investing a large amount of time and other resources building a solution in-house. Homegrown solutions require a team to provide ongoing support and can be inherently less robust simply because of cost. Costs become much more predictable under an OpEx model as opposed to the challenges faced by many IT administrators living in a CapEx world who constantly deal with scalability problems and unpredictable usage needs. For many companies this is a smart business and financial decision but for those regulated by various standards (SOX, PCI, 21 CFR Part 11) public clouds can be more challenging to manage given the necessity to demonstrate effective controls and conduct audits.
Some would say that anyone using virtualization internally is using a private cloud, and while this is true in a technical sense, the private cloud model expands on this concept quite a bit. In a private cloud, a client has some knowledge of where resources reside, at least in terms of their data. In this case, the client’s data does not share space, it lives either in-house or in a data center that provides segregation of resources. For example, many known providers offer leased equipment for which they maintain the responsibility of provisioning, building, monitoring and supporting it. The equipment might “live” inside a leased rack within a data center so physical segregation is achieved, but the actual resource management is handed off to the client’s in-house IT staff. Virtualization technologies are leveraged heavily and tend to be paired with extremely robust storage architecture. A provider can easily spend millions of dollars provisioning a robust storage fabric then hand-off a slice of it to a client who only needs a fraction of the space available, but wants the advantages of a high-end storage area network (SAN).
In a private cloud, the setup, security and controls are all easily audited, guaranteeing the sanctity of the data residing there. Providers undergo regular audits, maintain industry specific standards and certifications, and are an integral part of many businesses. These offerings are far more secure and reliable than what can be built in-house, and are maintained by experts who do nothing but this work, rather than an overworked IT staff that all too often are wearing too many hats. If it is a legitimate provider their processes should be very transparent and meet all the same standards that would be required by an in-house solution.
Hybrid Clouds – As the name suggests a hybrid cloud combines the best features of the public and private clouds. Clients can still take advantage of predictable, lowered costs while maintaining the highest levels of security. There are many variations of a hybrid cloud, and how the cloud is formed depends on the specific services needed by the client. An example of a hybrid cloud is having critical infrastructure components reside on-site with the client in a private cloud and extending these components to a public cloud offering through other services such as Google Apps.
Stay tuned for our next post, which will describe a different model of categorizing clouds and provide an example of a cloud formation within that model.
This blog post collaboratively written by Mike Trudnak, Daryl Porter and Lisa Jamba.